[JBoss JIRA] (MODCLUSTER-417) Obfuscating jvmRoute as to hide topology

Wednesday, 18 June 2014

    [
https://issues.jboss.org/browse/MODCLUSTER-417?page=com.atlassian.jira.pl...
] 

Radoslav Husar edited comment on MODCLUSTER-417 at 6/18/14 8:42 AM:
--------------------------------------------------------------------

Hm, I am afraid it is not going to help with WildFly 8 and above anyway. If you proceed as
an attacker such as:

# create a request, remember the session id (somehow including the obfuscated route)
# let the http session expire
# spawn DOS attack with the same session id but since LB has no idea that is has already
expired, it will be *always* routed to the same node
# the node is going to create a new session and use key affinity service so that the
session is local to that node
# you can use all the new created sessions knowing they are all routed to the same node
anyway
# to DOS multiple different nodes at once, you can do the same and observe response rate
degradation

So the suggested approach is probably not going to help at all.

was (Author: rhusar):
Hm, I am afraid it is not going to help with WildFly 8 and above anyway. If you proceed as
an attacker such as:

# create a request, remember the session id (somehow including the obfuscated route)
# let the http session expire
# spawn DOS attack with the same session id but since LB has no idea that is has already
expired, it will be *always* routed to the same node
# the node is going to create a new session and use key affinity service so that the
session is local to that node

So the suggested approach is probably not going to help at all.

...
 Obfuscating jvmRoute as to hide topology
 ----------------------------------------

                 Key: MODCLUSTER-417
                 URL: https://issues.jboss.org/browse/MODCLUSTER-417
             Project: mod_cluster
          Issue Type: Feature Request
      Security Level: Public(Everyone can see) 
          Components: Native (httpd modules)
    Affects Versions: 1.3.0.Final, 1.2.9.Final
            Reporter: Radoslav Husar
            Assignee: Jean-Frederic Clere
            Priority: Minor

 Feature request from https://github.com/jmcabrera
 Hello guys.
 First of all, this is a feature request and not a bug.
 I would like to "obfuscate" the jvmRoute so that an external attacker cannot
"guess" the topology of my internal infrastructure.
 The "strong" way would be to have a symmetrical cipher with a configurable
key.
 mod_cluster could then cipher the jsessionid before exposing it to the external world,
and decipher it to recover the jvmRoute and properly redirect the request.
 But I guess that this would have very undesirable consequences on performance.
 The "weak" way would be just obfuscate, i.e. let's say that the jsessionid
is alea + '.' + jvmRoute. We could take a part of the alea to alter the jvmroute
in a reversible way (XORing for instance).
 Anyhow, the expected effect would be that the jvmroute would be externally different for
each and every request.
 Unfortunately, I have close to no C skills, hence I cannot make this myself.
 (as a side note, coming from mod_jk, I'm quite impressed by the features mod_cluster
offers! Thanks for the good work :) ) 

--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009